Secret CISO 10/8: Comcast and MoneyGram Data Breaches, AI-Powered Breaches in Asia, Research on iOS 18 Bug and Windows Users Warning


Hello there! In today's issue of Secret CISO, we're diving into the world of data breaches, a phenomenon that has already impacted hundreds of millions of Americans this year. We'll discuss the various forms of data compromise, including data exposures and data leaks, and the types of identity theft that can follow. We'll also look at some recent high-profile data breaches, including those affecting Comcast and MoneyGram. The Comcast breach, which occurred at a former contractor firm, compromised the data of over 200,000 subscribers, while MoneyGram confirmed that personal information may have been stolen in a recent data breach incident.

In addition, we'll explore the growing concern among businesses in the Asia Pacific region about AI-powered data breaches. A new survey reveals that 87% of cybersecurity leaders are worried about AI increasing the sophistication and severity of data breaches. We'll also share some tips on how to protect your personal data during a hack, and discuss the implications of a recent data breach claim against a medical center that was dismissed as too speculative. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed. Secret CISO

Data Breaches

  1. Comcast Data Breach: A former contractor firm suffered a data breach compromising the data of over 200,000 Comcast subscribers. The exposed data includes names, addresses, and Social Security numbers. Comcast is notifying affected individuals and offering free identity theft protection services. Source: Tech.co, Wccftech, Times of India
  2. MoneyGram Data Breach: US money transfer giant MoneyGram confirmed a data breach incident that may have resulted in the theft of customers' personal information. The breach also involved the theft of some customer Social Security numbers. Source: Infosecurity Magazine, TechCrunch
  3. AI-Powered Data Breaches: A new Cloudflare survey reveals that 87% of cybersecurity leaders are concerned about AI increasing the sophistication and severity of data breaches. The survey highlights the growing concern among businesses in the Asia Pacific region. Source: CXOToday
  4. ADT Data Breach: Home and small business security company ADT disclosed a breach after threat actors gained access to its systems using stolen credentials. This is the second breach the company has disclosed in two months. Source: BleepingComputer
  5. Columbus Data Breach: The city of Columbus is pledging an additional $3 million to fix a data breach. The budget includes up to $2,401,052 for system forensics, highlighting the significant financial impact of such incidents. Source: NBC4 WCMH-TV

Security Research

  1. Securing Space Applications - University of Portsmouth: The research emphasizes the importance of securing electronic systems in space applications. It highlights the need for robust protection measures to safeguard research and national defense interests. Source: University of Portsmouth
  2. iPhone Privacy Warning—iOS 18 Mirroring Bug - Forbes: Security researchers have discovered a privacy bug in iOS 18 and macOS 15.0 Sequoia, prompting an iPhone warning. The bug could potentially expose user data. Source: Forbes
  3. Web Browser Security Update Warning - Forbes: Gen Threat Labs' security researchers have warned users about the WarmCookie Windows Backdoor installed by fake web browser updates. The warning is particularly relevant for users of popular web browsers. Source: Forbes
  4. Pro-Ukrainian Hackers Strike Russian State TV - The Hacker News: Security researcher Zoltán Rusnák reports on the aggressive and persistent approach of Gamaredon, a group of pro-Ukrainian hackers who targeted Russian State TV. Despite the simplicity of their tools, their impact is significant. Source: The Hacker News
  5. GoldenJackal Targets Embassies and Air-Gapped Systems - The Hacker News: Security researcher Matías Porolli provides an exhaustive analysis of GoldenJackal, a threat actor that targets embassies and air-gapped systems using malware toolsets. The group first came to light in May 2023. Source: The Hacker News

Top CVEs

  1. CVE-2024-31449: Redis, an open-source in-memory database, has a stack buffer overflow vulnerability that could potentially lead to remote code execution. This issue, which affects all versions of Redis with Lua scripting, can be triggered by an authenticated user using a specially crafted Lua script. The problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Source: CVE-2024-31449
  2. CVE-2024-31227: Redis 7 has a vulnerability that can trigger a server panic and subsequent denial of service when an authenticated user with sufficient privileges creates a malformed ACL selector. Users are advised to upgrade to versions 7.2.6 or 7.4.1. Source: CVE-2024-31227
  3. CVE-2024-31228: Redis has a denial-of-service vulnerability that can be triggered by authenticated users using specially crafted, long string match patterns on supported commands. This can result in unbounded recursion, leading to stack overflow and process crash. The problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Source: CVE-2024-31228
  4. CVE-2024-8926: PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12 have a vulnerability that can be exploited when using certain non-standard configurations of Windows codepages. This may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts or run arbitrary PHP code on the server. Source: CVE-2024-8926
  5. CVE-2024-9576: Distro Linux Workbooth v2.5 has a vulnerability that allows for privilege escalation to the root user by manipulating the network configuration. Source: CVE-2024-9576

API Security

  1. Arbitrary Argument Injection in ggit package: All versions of the ggit package are susceptible to Arbitrary Argument Injection through the clone() API. This vulnerability arises from the lack of user input sanitization and URL scheme validation. Additionally, the library fails to use the POSIX double-dash end-of-options marker (--) to separate flags from positional arguments when invoking the git binary. Source: CVE-2024-21533.
  2. Command Injection in ggit package: All versions of the ggit package are vulnerable to Command Injection via the fetchTags(branch) API. This vulnerability stems from the API allowing user input to specify the branch to be fetched, which is then concatenated into a git command string and passed to Node.js's exec() child-process function, which runs it through a shell. Source: CVE-2024-21532.

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of Secret CISO. We've covered a lot of ground, from the alarming rise in data breaches to the growing concerns over AI-powered data breaches. Remember, staying informed is the first step in protecting your data and your identity.

If you found this newsletter helpful, why not share it with your colleagues and friends? The more we spread the word about these threats, the better prepared we can all be. Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO